Sunday, October 14, 2012

How to migrate an OpenVPN server

Hi,

Recently I had to move our OpenVPN server installation from one server to another. The whole process was a breeze and could be done in under 30 minutes! 

In our case, we were migrating from RHEL 5.4 to CentOS 5.8. I'll go through the migration steps in detail, but will not cover the OS and OpenVPN installation for the time being. 
We're also using routed-tunnel mode, not bridged-tunnel. 

So, let's get to it!

To migrate an OpenVPN installation, you basically need the following stuff migrated as is, or with a little bit of modification:
  1. The server.conf file; this will need some editing
  2. The ipp.txt file; this is needed if you need to keep the same list of certificates vs. IP addresses
  3. The keys/ directory; this contains all the machine keys
  4. The vars script that is responsible for setting the certificate/keys variables before creation time

Since the default location of the OpenVPN configuration files when installing with YUM is /etc/, we'll use that for our discussion. Thus, the following needs to be moved from the old to the new server:

/etc/openvpn/server.conf
/etc/openvpn/ipp.txt
/etc/openvpn/easy-rsa/2.0/vars
/etc/openvpn/easy-rsa/2.0/keys/

/etc/openvpn/server.conf:
Upon moving this file, make sure to edit the local configuration line and insert the new server's listening interface's IP address.

/etc/openvpn/ipp.txt:
Upon moving this file, no editing is required, as this serves as a mapping between keys/certificates and the VPN IP addresses.

/etc/openvpn/easy-rsa/2.0/vars:
Upon moving this file, no editing is required. Note however that this file is very important if you are going to create new keys over the new OpenVPN server.
It is generally a good idea to do the certificate storage and creation on a separate server with no Internet access for security reasons.

/etc/openvpn/easy-rsa/2.0/keys/:
Upon moving this directory, make sure that all files' permissions are intact and identical to those on the original server.
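
One way to check that the keys/ permissions really are identical after the copy, as an added example that is not part of the original post: record mode and owner for every file on each side, compare the two manifests, and flag any private key readable by group or others. The function names and the sample files are constructed for illustration, and a stat that supports -c (GNU coreutils or BusyBox) is assumed.

```shell
#!/bin/sh
# Added example (not from the original post): verify that modes and owners
# under easy-rsa's keys/ directory survived the copy to the new server.

# Print "mode owner:group path" for each file under $1, sorted by path.
# Assumes file names without whitespace and a stat that supports -c.
perm_manifest() {
    (cd "$1" && find . -type f -exec stat -c '%a %U:%G %n' {} + | LC_ALL=C sort -k3)
}

# Return 0 when two manifest files match; otherwise print the diff, return 1.
compare_manifests() {
    [ "$(cat "$1")" = "$(cat "$2")" ] && return 0
    diff "$1" "$2"
    return 1
}

# List *.key entries in a manifest whose mode grants group/other any access.
loose_keys() {
    awk '$3 ~ /\.key$/ && ($1 % 100) != 0 { print $3 }' "$1"
}

# Constructed sample: "old" and "new" stand in for keys/ on each server.
make_sample() {
    mkdir -p "$1/old" "$1/new"
    for side in old new; do
        : > "$1/$side/ca.crt";     chmod 644 "$1/$side/ca.crt"
        : > "$1/$side/ca.key";     chmod 600 "$1/$side/ca.key"
        : > "$1/$side/server.key"; chmod 600 "$1/$side/server.key"
    done
    chmod 644 "$1/new/server.key"   # simulate a copy that lost the mode
}

demo() {
    demo_dir=$(mktemp -d)
    make_sample "$demo_dir"
    perm_manifest "$demo_dir/old" > "$demo_dir/old.txt"
    perm_manifest "$demo_dir/new" > "$demo_dir/new.txt"
    compare_manifests "$demo_dir/old.txt" "$demo_dir/new.txt" ||
        echo "permissions differ from the old server"
    echo "private keys readable beyond owner: $(loose_keys "$demo_dir/new.txt")"
    rm -rf "$demo_dir"
}
demo
```

On a real migration, run perm_manifest against /etc/openvpn/easy-rsa/2.0/keys on each server and compare the two manifest files.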

Now comes the second part of the migration, setting up the server for OpenVPN. It's quite simple actually, and goes on as follows:
  • IPv4 packet forwarding:
Edit the /etc/sysctl.conf file and change the following line:
from ==> net.ipv4.ip_forward = 0
to     ==> net.ipv4.ip_forward = 1

Run the following command to apply the changes:
[root@openvpn openvpn]# sysctl -p
  • Allow connection to UDP port 1194:
This of course depends on the value in your /etc/openvpn/server.conf file.
[root@openvpn openvpn]# iptables -A RH-Firewall-1-INPUT -p udp --dport 1194 -j ACCEPT
  • Allow/trust the tun0 interface through the firewall:
[root@openvpn openvpn]# iptables -A RH-Firewall-1-INPUT -i tun0 -j ACCEPT
  • Masquerade your VPN subnet:
[root@openvpn openvpn]# iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j MASQUERADE
  • Save your firewall configurations:
[root@openvpn openvpn]# iptables-save > /etc/sysconfig/iptables
  • Start your OpenVPN server and make sure it runs at boot:
[root@openvpn openvpn]# service openvpn start
[root@openvpn openvpn]# chkconfig openvpn on

That's it. Shut down the old installation, make sure it doesn't accept any further connections, and ask your users to migrate to the new server.

I believe this covers all :-)

I hope this guide helps someone; please do let me know if something was incorrectly written or described.

Sunday, September 2, 2012

How to fix the Android ICS Cut/Copy/Paste "Force Close" problem

Hello,
So I've had this nagging issue on my Galaxy Tab P6800 7.7": no matter what application I'm using, whenever I want to do a simple text Copy & Paste, I end up with the application just force closing. Googling around, I stumbled upon this very nice fix: post #8 at forums.androidcentral.com/verizon-galaxy-s-iii/195268-problems-cut-paste.html .

The fix simply goes as follows:
1- Root your device
2- Download Root Explorer (great app) or such
3- Mount / as R/W
4- Browse to /data/clipboard, mark and delete all that's there
5- Head over to your applications, and find a service called TestService, and clear its data
6- Reboot your device and enjoy :-)

So far so good, my device is even running much better.

P.S. I'm on stock ICS with Apex launcher.

Let me know if that helped or if you find any mistakes :-)

Tuesday, July 24, 2012

How to quickly remove Mac apps from Quarantine

Hi all,

Getting the following annoying message every time you open the same app?

“XYZ.app” is an application downloaded from the Internet. Are you sure you want to open it?

I was receiving the same for Adium when I last upgraded it, and found a very easy solution to that. Open up a Terminal window and type in the following:

sudo xattr -d com.apple.quarantine /Applications/Adium.app

Voila! You're done.

Let me know if that helped :)

Sunday, July 1, 2012

How to copy and paste tables in Firefox

Hi all,

In the course of my work, I frequently need to copy and paste tables between Firefox tabs. To do this, I always used to copy the tables through Google Chrome and paste them into Firefox to resume work. Of course that's a tedious job, especially when your tables take time to generate (long queries and such). So, what's the solution?

One word, Text2Clipboard add-on!

Simply go to Tools -> Add-ons if you're on a Mac (I don't have a Windows machine to test the steps at the moment), then search for Text2Clipboard. Download and install the add-on and restart your browser. Don't forget to contribute to the developer!

To copy a table, simply right-click the table, highlight Text2Clipboard and select Copy whole table.

To paste anywhere else in Firefox (I personally have to paste some table outputs in some Firefox forms for work), just go over there, right-click and select paste.

Hope this proves useful.

Sunday, June 24, 2012

How to allow Java access to recording devices through browser

So I needed to allow Java access to my Mac's mic and speakers through one of our websites at work. I was prompted to download a .exe file supplied by the vendor to allow access. Since I'm a Mac user, this wasn't an option.

The solution was simply as follows:
  1. Open up your Terminal.app
  2. Create a new file called .java.policy
mSergani:~ $ vim .java.policy
  3. Add the following to the newly created file:
grant {
    permission javax.sound.sampled.AudioPermission "record";
};
  4. Save the file and restart your browser.

I'm now able to record and play sounds through the browser, and so should you :)
This should work just fine on Linux as well.


Let me know if that worked out for you, or if there are better ways to do the same!

Saturday, June 23, 2012

My first blog

Hey all,

Just thought to try out a few things, so this is actually my first post on the blog :)
Others *should* follow :)

//M